Adobe Reader Zero-Day with Active Exploit Fixed in Emergency Patch
A cybersecurity researcher is urging all users to upgrade Adobe Acrobat Reader after the release of a critical security fix for a zero-day remote code execution vulnerability, which has a publicly available proof-of-concept (PoC) exploit being actively used in the wild.
Vulnerability Details
The flaw, tracked as CVE-2024-41869, is a use-after-free vulnerability, a memory corruption issue that can lead to remote code execution (RCE) if a user opens a specially crafted PDF document.
In use-after-free bugs, programs attempt to access memory that has already been released, causing unpredictable behavior like crashes or freezes. In more severe cases, like CVE-2024-41869, attackers can inject malicious code into the freed memory space, leading to the execution of arbitrary code on the victim’s machine.
Adobe has since patched this vulnerability in its latest versions of Adobe Acrobat Reader and Adobe Acrobat. All users are advised to install the updates as soon as possible.
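As an illustration of the use-after-free bug class described above, the following added example (not Adobe's code and not a reproduction of CVE-2024-41869) models a freed slot being reused, so that a stale reference silently reads another object's data, alongside a generation-checked lookup that rejects the stale reference. The toy pool and the names `pool_alloc`, `pool_free`, `deref_unchecked` and `deref_checked` are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 4   /* constructed toy pool standing in for a heap */
typedef struct { uint32_t generation; int in_use; char data[32]; } slot_t;
typedef struct { uint32_t index; uint32_t generation; } handle_t;
static slot_t pool[POOL_SLOTS];

/* Take the first free slot, the way an allocator reuses freed memory. */
handle_t pool_alloc(const char *contents) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", contents);
        return (handle_t){ i, pool[i].generation };
    }
    return (handle_t){ UINT32_MAX, 0 };   /* pool exhausted */
}

/* Release a slot; bumping the generation invalidates all older handles. */
void pool_free(handle_t h) {
    if (h.index >= POOL_SLOTS) return;
    slot_t *s = &pool[h.index];
    if (s->in_use && s->generation == h.generation) { s->in_use = 0; s->generation++; }
}

/* Models a dangling raw pointer: no liveness check before the access. */
const char *deref_unchecked(handle_t h) {
    return h.index < POOL_SLOTS ? pool[h.index].data : NULL;
}

/* Hardened access: a stale or freed handle yields NULL, not foreign data. */
const char *deref_checked(handle_t h) {
    if (h.index >= POOL_SLOTS) return NULL;
    const slot_t *s = &pool[h.index];
    return (s->in_use && s->generation == h.generation) ? s->data : NULL;
}

int main(void) {
    handle_t a = pool_alloc("object A");
    pool_free(a);                          /* 'a' is now a stale handle */
    handle_t b = pool_alloc("object B");   /* reuses the slot A occupied */
    printf("unchecked via stale handle: %s (slot %u)\n", deref_unchecked(a), (unsigned)b.index);
    printf("checked via stale handle:   %s\n", deref_checked(a) ? "live" : "rejected");
    return 0;
}
```

The unchecked path returns whatever now occupies the slot, which is the behavior that makes this bug class dangerous; the checked path fails closed.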
Zero-Day Discovery and Proof-of-Concept
The zero-day was discovered in June 2024 by EXPMON, a sandbox-based exploit detection platform developed by cybersecurity researcher Haifei Li. EXPMON is designed to identify advanced exploits, such as zero-day vulnerabilities, from a perspective different from traditional malware analysis systems.
Li explained, “EXPMON focuses on detecting threats from an exploit or vulnerability perspective, which is critical for early detection. Unlike malware analysis systems that look for malicious code, EXPMON finds potential threats based on how exploits behave.”
The zero-day was initially found in a public PDF sample that caused Acrobat Reader to crash. Upon analysis, the sample was confirmed to exploit a use-after-free bug, potentially leading to remote code execution.
Previous Patch Failed
After EXPMON disclosed the flaw to Adobe, an initial security update was released in August 2024. However, this update did not fully resolve the issue. When tested, the bug could still be triggered by closing certain dialog boxes within Adobe Acrobat Reader, leading to crashes.
“We tested the exact same sample on the ‘patched’ Adobe Reader version,” tweeted EXPMON, “and the app still crashed! Same UAF bug!”
The flaw was fully fixed on September 11, 2024, with the release of a new security update.
Further Details Coming Soon
Li will share technical details on how the vulnerability was detected on EXPMON’s blog and will publish an in-depth analysis in an upcoming Check Point Research report.
Source: bleepingcomputer.com